Added forgot() and reset() methods, fix #3

frameworkwtf · Apr 5, 2018 · f7517f6 · f7517f6
1 parent 330f180
commit f7517f6
Show file tree

Hide file tree

Showing 5 changed files with 128 additions and 0 deletions.
diff --git a/src/Auth.php b/src/Auth.php
@@ -32,6 +32,29 @@ public function login(string $login, string $password)
         return $this->auth_storage->setUser($user);
     }
 
+    /**
+     * Generate special code for user who forgot password.
+     *
+     * @return string code
+     */
+    public function forgot(string $login): string
+    {
+        return $this->auth_repository->forgot($login);
+    }
+
+    /**
+     * Reset user password by code.
+     *
+     * @param string $code         Return value of self::forgot()
+     * @param string $new_password New password for user
+     *
+     * @return bool
+     */
+    public function reset(string $code, string $new_password): bool
+    {
+        return $this->auth_repository->reset($code, $new_password);
+    }
+
     /**
      * Check if current user is logged in.
      *

diff --git a/src/Auth/Repository/RepositoryInterface.php b/src/Auth/Repository/RepositoryInterface.php
@@ -29,4 +29,21 @@ public function getLoginFields(): array;
      * @return null|Root
      */
     public function login(string $login, string $password): ?Root;
+
+    /**
+     * Generate special code for user who forgot password.
+     *
+     * @return string code
+     */
+    public function forgot(string $login): string;
+
+    /**
+     * Reset user password by code.
+     *
+     * @param string $code         Return value of self::forgot()
+     * @param string $new_password New password for user
+     *
+     * @return bool
+     */
+    public function reset(string $code, string $new_password): bool;
 }
diff --git a/src/Auth/Repository/User.php b/src/Auth/Repository/User.php
@@ -26,6 +26,16 @@ public function getPasswordField(): string
         return 'password';
     }
 
+    /**
+     * Get forgot password code field, eg: 'forgot'.
+     *
+     * @return string
+     */
+    public function getForgotField(): string
+    {
+        return 'forgot';
+    }
+
     /**
      * {@inheritdoc}
      */
@@ -63,4 +73,38 @@ public function getByLogin(string $login): ?Root
 
         return null;
     }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function forgot(string $login): string
+    {
+        $user = $this->getByLogin($login);
+        if (null === $user) {
+            return '';
+        }
+
+        $user->set($this->getForgotField(), \md5($user->getId().\random_int(PHP_INT_MIN, PHP_INT_MAX)))->save(false);
+
+        return $user->get($this->getForgotField());
+    }
+
+    /**
+     * {@inheritdoc}
+     */
+    public function reset(string $code, string $new_password): bool
+    {
+        $user = $this->entity($this->config('auth.entity', 'user'));
+        if (!$user->has([$this->getForgotField() => $code])) {
+            return false;
+        }
+
+        $user->load($code, $this->getForgotField())
+             ->setData([
+             $this->getForgotField() => null,
+             $this->getPasswordField() => \password_hash($new_password, PASSWORD_DEFAULT),
+         ])->save(false);
+
+        return true;
+    }
 }
diff --git a/tests/Auth/Storage/SessionTest.php b/tests/Auth/Storage/SessionTest.php
@@ -97,4 +97,34 @@ public function testLogout(): void
         $this->app->getContainer()->auth->logout();
         $this->assertNull($this->app->getContainer()->auth->getUser());
     }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testForgot(): void
+    {
+        \session_start();
+        $this->assertInternalType('string', $this->app->getContainer()->auth->forgot('wrong'));
+        $this->assertInternalType('string', $this->app->getContainer()->auth->forgot('login'));
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testReset(): void
+    {
+        \session_start();
+        $code = $this->app->getContainer()->auth->forgot('login');
+        $this->app->getContainer()['forgot_code'] = $code;
+        $this->assertTrue($this->app->getContainer()->auth->reset($code, 'me2'));
+    }
+
+    /**
+     * @runInSeparateProcess
+     */
+    public function testResetNull(): void
+    {
+        \session_start();
+        $this->assertFalse($this->app->getContainer()->auth->reset('notexists', 'password'));
+    }
 }
diff --git a/tests/data/dummy/Dummy.php b/tests/data/dummy/Dummy.php
@@ -12,6 +12,14 @@ class Dummy extends \Wtf\Root
         'password' => '$2y$10$W4LwVSVpKxZqXelwwcV92ORTZGIodZRK8c1o4VW84sPExYRXfSUL6', //me
     ];
 
+    public function __construct($container)
+    {
+        parent::__construct($container);
+        if ($container->has('forgot')) {
+            $this->set('forgot', $container->get('forgot'));
+        }
+    }
+
     public function setData($data)
     {
         $this->data = \array_merge($this->data, $data);
@@ -34,10 +42,16 @@ public function has($where)
         if (
             ('login' === \array_keys($where)[0] && 'login' === $where['login'])
             || ('id' === \array_keys($where)[0] && '1' === $where['id'])
+            || ('forgot' === \array_keys($where)[0] && 'notexists' !== $where['forgot'])
         ) {
             return true;
         }
 
         return false;
     }
+
+    public function save(bool $validate = true): \Wtf\Root
+    {
+        return $this;
+    }
 }